User Name Password Register
DaniWeb IT Discussion Community
All
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 455,974 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 3,754 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Viruses, Spyware and other Nasties advertiser: 64-bit Windows Community
Views: 2255 | Replies: 3
Reply
Join Date: Aug 2004
Posts: 1
Reputation: franco802 is an unknown quantity at this point 
Rep Power: 0
Solved Threads: 0
franco802 franco802 is offline Offline
Newbie Poster

Newbie with problems

  #1  
Aug 26th, 2004
Hello everyone! Glad I found this board!! I am going nuts with 2 problems I am having. Problem 1: I cannot open links on forums or anywhere!! When I click on a link nothing happens. Problem 2: When I click on (START) then (Search for files and folders) nothing happens. I am just trying to use my regular desktop search for files and folders and it dosen't do anything when I click on it. I ran hijack this and this is what I got:


Logfile of HijackThis v1.97.7
Scan saved at 12:47:17 AM, on 8/26/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\drieqchk.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\WINDOWS\System32\wstbase.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\Uit9952.exe
C:\WINDOWS\System32\Uit9952.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Documents and Settings\mycomputer\Local Settings\Temp\Temporary Directory 14 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O4 - HKLM\..\Run: [3K2SJMB3#XWWWM] C:\WINDOWS\System32\Vryu.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [p7rh3FU] drieqchk.exe
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Yw0nRPY4U] wstbase.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=



Tried deleting some of that stuff but it kept coming back after I would run hijack this over and over! I can't even search to delete anything because search won't work on my desktop. Also, I get pop ups all day like a MOFO!!HEEEELP!!! :!:
AddThis Social Bookmark Button
Reply With Quote  
Join Date: Dec 2003
Location: Marin County, CA
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Rep Power: 18
Solved Threads: 339
Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: Newbie with problems

  #2  
Aug 26th, 2004
Hi franco802,

As noted in the announcement at the top of each main forum page, HijackThis logs are only to be posted in the Security forum. Given that, I'm moving your thread to Security now.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote  
Join Date: Dec 2003
Location: Marin County, CA
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Rep Power: 18
Solved Threads: 339
Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: Newbie with problems

  #3  
Aug 26th, 2004
OK, first of all:

1. You are running an older version of HJT. Please get the newest (1.98.2) version.

2. You are running HijackThis from a Temp directory, which is not recommended. When you download the new HJT version, create a separate new folder for it (some thing like C:\HijackThis or C:\downloads\HijackThis). When HJT runs, it creates backup files before it fixes anything, just in case you "fixed" the wrong thing. By putting HJT in its own folder, you'll have those files available in that folder should you need them.

Post the log from version 1.98.2 and we'll take it from there. You might also want to run the utilities Ad Aware and SpyBot before running HJT; they will detect and remove a lot of the parasites from your system. Links to those programs are in my sig below.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing


Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote  
Join Date: Feb 2004
Location: Oztralya
Posts: 8,015
Reputation: crunchie is a jewel in the rough crunchie is a jewel in the rough crunchie is a jewel in the rough 
Rep Power: 23
Solved Threads: 455
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: Newbie with problems

  #4  
Aug 27th, 2004
You also have the peper trojan. To remove it please do the following:

Download the PeperFix.exe tool from here:

http://downloads.subratam.org/PeperFix.exe

Click on the PeperFix.exe to launch it.

Click the Find and Fix button.

It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.

Make sure you do what DMR requested & post the log as there will be remnants to delete.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster

Please do not PM me for help. Instead, post in the public forum where others may benefit.
Reply With Quote  
Reply

Only community members can participate in forum threads. You must register or log in to contribute.

DaniWeb Viruses, Spyware and other Nasties Marketplace
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 

Thread Tools Display Modes

Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum

All times are GMT -4. The time now is 9:17 am.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC